Pdf Editor Cloud
CVE-2026-1591
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.
This issue affects pdfonline.foxit.com: before 2026‑02‑03.
AnalysisAI
Foxit PDF Editor Cloud contains a stored XSS vulnerability in its file upload functionality where malicious usernames are not properly sanitized before being displayed in the upload file list, enabling authenticated attackers to execute arbitrary JavaScript in other users' browsers. The vulnerability affects pdfonline.foxit.com versions prior to 2026-02-03 and currently has no available patch. An attacker with valid credentials could craft a malicious username to compromise account security or steal sensitive document data from other users viewing the file list.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Pdf Editor Cloud. Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.
This issue affects pdfonline.foxit.com: before 2026‑02‑03.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
More in Pdf Editor Cloud
View allSame weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today